
Why security matters in GCP - See It in Action

Why Security Matters in GCP
📖 Scenario: You are working as a cloud administrator for a small company that wants to keep its data safe on Google Cloud Platform (GCP). Your job is to set up basic security controls to protect the company's cloud resources from unauthorized access.
🎯 Goal: Build a simple GCP project configuration that includes a secure storage bucket with restricted access and a firewall rule that blocks all incoming traffic except from a trusted IP address.
📋 What You'll Learn
Create a GCP storage bucket named secure-data-bucket
Create a variable called trusted_ip with the value 203.0.113.5/32
Create a firewall rule named allow-trusted-ip that allows incoming TCP traffic on port 22 only from trusted_ip
Set the storage bucket's access control to private so only authorized users can access it
💡 Why This Matters
🌍 Real World
Companies use cloud security controls like storage bucket permissions and firewall rules to protect sensitive data and limit network access to trusted sources.
💼 Career
Cloud administrators and security engineers regularly configure access controls and firewall rules to safeguard cloud infrastructure and comply with security policies.
1. Create a secure storage bucket
Create a GCP storage bucket named secure-data-bucket with private access control.
Hint: Use the google_storage_bucket resource with uniform_bucket_level_access = true to make the bucket private.

2. Add a trusted IP variable
Create a variable called trusted_ip and set it to the string "203.0.113.5/32".
Hint: Define a Terraform variable named trusted_ip whose default is exactly "203.0.113.5/32".

3. Create a firewall rule to allow the trusted IP
Create a firewall rule resource named allow-trusted-ip that allows incoming TCP traffic on port 22 only from the IP address stored in the variable trusted_ip.
Hint: Use the google_compute_firewall resource with an allow block and source_ranges set to [var.trusted_ip].

4. Finalize bucket access control
Ensure the storage bucket secure-data-bucket has uniform_bucket_level_access set to true to enforce private access.
Hint: Make sure the bucket has uniform_bucket_level_access = true to keep it private.
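
The four steps combined into one Terraform configuration, as an added example that is not part of the original exercise. The bucket location, the dedicated VPC (hypothetical name secure-lab-vpc), the variable validation and public_access_prevention go beyond the hints: uniform_bucket_level_access only switches the bucket to IAM-only control, so public_access_prevention is what refuses a public IAM grant.

```hcl
# Added example. Assumes the google provider is already configured
# with a project and credentials.

variable "trusted_ip" {
  description = "Only source range allowed to reach SSH"
  type        = string
  default     = "203.0.113.5/32"

  validation {
    # Reject malformed CIDRs and the any-address range.
    condition     = can(cidrhost(var.trusted_ip, 0)) && var.trusted_ip != "0.0.0.0/0"
    error_message = "trusted_ip must be a valid CIDR range and must not be 0.0.0.0/0."
  }
}

resource "google_storage_bucket" "secure_data" {
  # Bucket names are globally unique; add a suffix if this one is taken.
  name     = "secure-data-bucket"
  location = "US" # assumption: the exercise does not name a location

  uniform_bucket_level_access = true       # IAM only, no per-object ACLs
  public_access_prevention    = "enforced" # addition: blocks allUsers / allAuthenticatedUsers
}

# Assumption: a dedicated VPC instead of the project's "default" network.
# The auto-created default network ships with a default-allow-ssh rule open
# to 0.0.0.0/0, which would make the trusted-IP restriction meaningless.
# A custom VPC starts with only the implied deny-all-ingress rule.
resource "google_compute_network" "lab" {
  name                    = "secure-lab-vpc" # hypothetical name
  auto_create_subnetworks = false
}

resource "google_compute_firewall" "allow_trusted_ip" {
  name          = "allow-trusted-ip"
  network       = google_compute_network.lab.name
  direction     = "INGRESS"
  source_ranges = [var.trusted_ip] # must be a list, even for one range

  # With no target_tags set, this rule applies to every instance in the VPC.
  allow {
    protocol = "tcp"
    ports    = ["22"]
  }
}
```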